CVE 9.3 CRITICAL

Hardcoded default Password for Service Account_CVE-2026-35075

June 3, 2026 invoker category_cve
9.3 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

AI Analysis

Unauthenticated remote attacker can recover hardcoded default password for service account, gaining full access to affected devices

Basic Information

ID CVE-2026-35075
Source CERTVDE
Published Jun 3, 2026 at 10:38

Affected Product

Vendor MBS
Product Single-A
Version V1_0_0_0
Affected Versions MBS Single-A V1_0_0_0
MBS Double-A Profibus V1_0_0_0
MBS Double-A x-link V1_0_0_0
MBS Single-X V1_0_0_0
MBS Double-X CAN V1_0_0_0
MBS Double-X DALI V1_0_0_0
MBS Double-X KNX V1_0_0_0
MBS Double-X LON V1_0_0_0
MBS Double-X M-Bus V1_0_0_0
MBS Double-X PROFINET V1_0_0_0
MBS Double-X x-link V1_0_0_0
MBS Triple-X KNX+DALI V1_0_0_0
MBS Triple-X KNX+LON V1_0_0_0
MBS Triple-X KNX+M-Bus V1_0_0_0
MBS Triple-X PROFINET+DALI V1_0_0_0
MBS Triple-X PROFINET+KNX V1_0_0_0
MBS Triple-X PROFINET+LON V1_0_0_0
MBS Triple-X PROFINET+M-Bus V1_0_0_0

CWE Classification

CWE-1393

AI Assessment

AI Score 9.3 / 10
AI Severity Critical
Vendor MBS
Product MBS Single-A, MBS Double-A, MBS Single-X, MBS Double-X, MBS Triple-X
Version V1_0_0_0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.